[Phase 1.4.1] Add rate limiting to gateway channels

[richard-devbot]

Phase

Phase 1 — Critical Security | Track 1.4 — Resource Controls | Priority: P1 MEDIUM

Problem

CWE: CWE-770 — Allocation of Resources Without Limits

No rate limiting exists. A single user or attacker can:

• Flood the agent with messages, consuming LLM API credits
• Trigger excessive tool executions
• Cause denial of service for other users

Fix

Create `operator_use/gateway/rate_limiter.py`:

• Sliding window rate limiter (configurable: default 30 req/min)
• Per-user tracking by channel user ID
• Configurable in `config.json`: `"rate_limit": {"max_requests": 30, "window_seconds": 60}`
• Apply at gateway level before message reaches orchestrator
• Return friendly "rate limited" message to user

Acceptance Criteria

• Rate limiter module created
• Configurable per-channel limits
• Per-user tracking
• Friendly rate limit message sent to user
• Tests for: normal usage, burst, sustained overload, window reset
• Integration with gateway channels

References

• CWE-770
• Design Doc: docs/plans/2026-03-29-security-ai-guardrails-performance-design.md